OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/7418
Full headers

From: sascha.kuehndel@deka.de
Subject: slapo-constraint are broken
Compose comment
Download message
State:
0 replies:
9 followups: 1 2 3 4 5 6 7 8 9

Major security issue: yes  no

Notes:

Notification:


Date: Thu, 18 Oct 2012 18:46:43 +0000
From: sascha.kuehndel@deka.de
To: openldap-its@OpenLDAP.org
Subject: slapo-constraint are broken
Full_Name: Sascha Kuehndel
Version: 2.4.33
OS: HP-UX 11.31
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (192.166.104.102)


After upgrade slapd from 2.4.32 to 2.4.33, same contraints fails always.
Any change on an entry in restricted tree is not possible.

1. Comment out the contraints helps.
2. I have downgraded the constraint.c, only. After rebuild, the slapds works
fine again.

Constraint:
constraint_attribute dekanetZielgruppenDN uri
  ldap:///ou=Zielgruppen,ou=dekanet,dc=dekager,dc=dekabank,dc=extern?entryDN?one?(objectClass=dekanetZielgruppe)
  restrict=ldap:///ou=Benutzer,ou=dekanet,dc=dekager,dc=dekabank,dc=extern??one

Change:
#!RESULT ERROR
#!CONNECTION ldap://dk-ketos:6418
#!DATE 2012-10-18T18:29:02.840
#!ERROR [LDAP: error code 19 - modify breaks constraint on dekanetEmailAdr]
dn: dekanetObjLID=74386878,ou=Benutzer,ou=dekanet,dc=dekager,dc=dekabank,dc=ex
 tern
changetype: modify
replace: dekanetEmailAdr
dekanetEmailAdr: test1234@deka.de
-

Greatings,
Sascha

Followup 1

Download message
Date: Thu, 18 Oct 2012 21:26:02 +0200
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
To: openldap-its@openldap.org
Subject: Re: (ITS#7418) slapo-constraint are broken
This is a cryptographically signed message in MIME format.

--------------ms060905030203070305090206
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I suspect this is related to changes because of fix for ITS#7168 similar
or same like ITS#7340.

Ciao, Michael.



--------------ms060905030203070305090206
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILHzCC
BT8wggQnoAMCAQICDwCmSwABAAIAivjZQ8SBvzANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQG
EwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21iSDElMCMGA1UECxMcVEMgVHJ1c3RD
ZW50ZXIgQ2xhc3MgMSBMMSBDQTEoMCYGA1UEAxMfVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMSBM
MSBDQSBJWDAeFw0xMjA2MDYxOTAyMTZaFw0xMzA2MDcxOTAyMTZaMCgxCzAJBgNVBAYTAkRF
MRkwFwYDVQQDDBBNaWNoYWVsIFN0csO2ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxXZGav40rnGNLxEggBW94MILWHlfC8a23Jew5U1gPlfRTXOjjzmoaZ1uCyGdgF6M
VvuO9T1aTQNGH+OdeGe3P7Tfc/NsLJFJ2wtd8blvhmodUgse2eypiWjNOd4gZuhalBhgsQ0K
b5D6/1foghII4E264iZlJ7AJ+UYcO+GxvFWT0YMTbLckgDkZk7c3qwTozdhYvXarvqx+8Ou/
kuxpQQhac/ebzxpu0N+RHSf2KIUS0g0tEGnPtGv6iL+9QNHc4JKo9Y9KKVw3tQy+Re+FQLxB
1fPE5F+qxuD3AUENpOwkMsqWLM94ohtx3CFqLpxfUPrnKFLAHOhHEbByYGvFPwIDAQABo4IC
EDCCAgwwgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3LnRydXN0
Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNlcnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQw
QAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1
c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/
BAIwADBKBgNVHSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3
LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS2
KAWfTfgJ/JQ63qLGwTXYLnI+LzBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8vY3JsLml4LnRj
Y2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3JsL3YyL3RjX0NsYXNzMV9M
MV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYK
KwYBBAGCNxQCAjAfBgNVHREEGDAWgRRtaWNoYWVsQHN0cm9lZGVyLmNvbTANBgkqhkiG9w0B
AQUFAAOCAQEAQ3bvVUpEq+cQrLpcogyt5BJNk/WvUvOHqhzyj28M9pg9hcDl1+MYl5qqj6tR
GSTLPQZyf287pcmbMwbcTGZO/gbW9v7RYcut6RauWdwKMCUmKC3J4fVfDq9ZETA2WOV68ef4
B3Gzdhghsbp3Rhp5dDmrCVKAHlafm6ZwJrEQ9P76fxnQZzRLgeKpZep5ePH5YHUB3+YaOQvJ
FG0bOXvfHhRiRG7/HW2G+yDgjHSxDz8AFzMWL/RFePqZ4pn6T/SM/qU6WEpW39MWyJNoH/Kx
QDYK8gGYuesn1ciMCTnjrvZQj0fonGTO4SfWekJRkuGrJ7dYSZRjYbDcWBBkdFLWzzCCBdgw
ggTAoAMCAQICDgboAAEAAkqWLSQM/sXJMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAkRF
MRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl
ciBVbml2ZXJzYWwgQ0ExJjAkBgNVBAMTHVRDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJ
MB4XDTA5MTEwMzE0MDgxOVoXDTI1MTIzMTIxNTk1OVowfDELMAkGA1UEBhMCREUxHDAaBgNV
BAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRydXN0Q2VudGVyIENsYXNz
IDEgTDEgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDEgTDEgQ0EgSVgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC75pBuz2Lp6QuqthDVR+V8XSsncZpozVVt
5KLv5P7yemMRwleKyH3PjmYfZUVL64Biab1GjovFblqVGCrep/EfdRonq20yU+P7TVhiLP8Z
5cegDZotIYhZhM0d8cPIij6w5d4IJM/8QCy6QSOUu4ASiTVItoYE4AFPjLqpmPwcie0fiqHH
hpgmHnJla/7PZdkMZEsaCfVDEWBmJuMzVprJPT40anjG5VBLyM2I5DlsUCaeQCy2O3w3sqf1
3dyzUcv03IICuNc63towXA31Qt0TaVNU6YAmQjMepdfMbspmCZ+G8D2+xophEPPR/1vkstst
smUMqX0XrLonTUJczglPAgMBAAGjggJZMIICVTCBmgYIKwYBBQUHAQEEgY0wgYowUgYIKwYB
BQUHMAKGRmh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2VydHMv
dGNfdW5pdmVyc2FsX3Jvb3RfSS5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwLnRjdW5p
dmVyc2FsLUkudHJ1c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQ
dXMwEgYDVR0TAQH/BAgwBgEB/wIBADBSBgNVHSAESzBJMAYGBFUdIAAwPwYJKoIUACwBAQEB
MDIwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAO
BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOm4KB1Gz/zN+E6bxe5LYOvYOz/RMIH9BgNVHR8E
gfUwgfIwge+ggeyggemGRmh0dHA6Ly9jcmwudGN1bml2ZXJzYWwtSS50cnVzdGNlbnRlci5k
ZS9jcmwvdjIvdGNfdW5pdmVyc2FsX3Jvb3RfSS5jcmyGgZ5sZGFwOi8vd3d3LnRydXN0Y2Vu
dGVyLmRlL0NOPVRDJTIwVHJ1c3RDZW50ZXIlMjBVbml2ZXJzYWwlMjBDQSUyMEksTz1UQyUy
MFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/
Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAOcjE
m+6+mO5Icm+N53G2DpCM07LBFSGoRpBoX0oE8TrJaIQh2KXmBHVdn9LU8kt3QzLclctgvwJV
0KwcsMUUl5tlCsMPpR3s2Ek5lbWpvvr0HqtW56blAQiINV9nBd1EJFASIkRjefGbV2nOq9Yz
UU+N8HA7jq1ROhd/NZZraGhjthwKyfjfHV7PKxGlY+3M0MbTIG+q/GhIfm0euDpFqhKG88e9
ALXr/uoSn3MzeOcoOWjTpW3adtFO4VWVgKbgG7jNrFbvRVlHmFLbOm4msjE5aXWxLiTwpJ2X
iF4zKca1vAdAOgw9us90jEtOeiH6GzjNxEMvb7TfeO6Zkuc6HDGCA84wggPKAgEBMIGPMHwx
CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxU
QyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBD
bGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wCQYFKw4DAhoFAKCCAhMwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMDE4MTkyNjAyWjAjBgkq
hkiG9w0BCQQxFgQU7QCgPPclKaMhoNwC33a+he0n9jAwbAYJKoZIhvcNAQkPMV8wXTALBglg
hkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq
hkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDCBoAYJKwYBBAGCNxAEMYGSMIGP

Message of length 5844 truncated


Followup 2

Download message
From: <Sascha.Kuehndel@deka.de>
To: <openldap-its@openldap.org>
Date: Mon, 22 Oct 2012 21:14:03 +0200
Subject: AW: (ITS#7418) slapo-constraint are broken
--_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,

i have reduced the configuration and the DIT to a minium.
So i can now send the slapd.conf, the initial dit and the test-change.

I hope you can reproduce the error, with it.

The uses software:
OpenLDAP: 2.4.33
BDB: 5.3.21
OpenSSL: 1.0.1c

Thanks,
Sascha Kuehndel


--_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_
Content-Type: application/octet-stream; name="initial.ldif"
Content-Description: initial.ldif
Content-Disposition: attachment; filename="initial.ldif"; size=1490;
	creation-date="Mon, 22 Oct 2012 19:06:34 GMT";
	modification-date="Mon, 22 Oct 2012 18:41:40 GMT"
Content-Transfer-Encoding: base64

ZG46IG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20Kb3U6IGRla2FuZXQKb2JqZWN0Q2xhc3M6IG9y
Z2FuaXphdGlvbmFsVW5pdApzdHJ1Y3R1cmFsT2JqZWN0Q2xhc3M6IG9yZ2FuaXphdGlvbmFsVW5p
dAplbnRyeVVVSUQ6IDdiOWRkOWQyLWIwYmMtMTAzMS05ZjI1LTA1OWJlYjBiYjUzYwplbnRyeUNT
TjogMjAxMjEwMjIxNzQ4NTAuODEwNDY3WiMwMDAwMDAjMDAwIzAwMDAwMAoKZG46IG91PWdyb3Vw
LG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20Kb3U6IFppZWxncnVwcGVuCmRlc2NyaXB0aW9uOiBD
b250YWluZXIgZnVlciBaaWVsZ3J1cHBlbmVpbnRyYWVnZQpvYmplY3RDbGFzczogb3JnYW5pemF0
aW9uYWxVbml0CnN0cnVjdHVyYWxPYmplY3RDbGFzczogb3JnYW5pemF0aW9uYWxVbml0CmVudHJ5
VVVJRDogODQwNTExMTItYjBiYy0xMDMxLTlmMjYtMDU5YmViMGJiNTNjCmVudHJ5Q1NOOiAyMDEy
MTAyMjE3NDkwNC45MDg2NjBaIzAwMDAwMCMwMDAjMDAwMDAwCgpkbjogdWlkPTE0LG91PWdyb3Vw
LG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20KdWlkOiAxNApvYmplY3RDbGFzczogYWNjb3VudApv
YmplY3RDbGFzczogdG9wCnN0cnVjdHVyYWxPYmplY3RDbGFzczogYWNjb3VudAplbnRyeVVVSUQ6
IDg0N2VhYzVjLWIwYmMtMTAzMS05ZjM2LTA1OWJlYjBiYjUzYwplbnRyeUNTTjogMjAxMjEwMjIx
NzUxMjcuNzIyNzQ3WiMwMDAwMDAjMDAwIzAwMDAwMAoKZG46IG91PXVzZXIsb3U9ZGVrYSxkYz1l
eGFtcGxlLGRjPWNvbQpvdTogQmVudXR6ZXIKb2JqZWN0Q2xhc3M6IG9yZ2FuaXphdGlvbmFsVW5p
dApzdHJ1Y3R1cmFsT2JqZWN0Q2xhc3M6IG9yZ2FuaXphdGlvbmFsVW5pdAplbnRyeVVVSUQ6IDhh
ZDhjYTEwLWIwYmMtMTAzMS05ZjNhLTA1OWJlYjBiYjUzYwplbnRyeUNTTjogMjAxMjEwMjIxNzQ5
MTYuMzYyNTU1WiMwMDAwMDAjMDAwIzAwMDAwMAoKZG46IGRjPTEsb3U9dXNlcixvdT1kZWthLGRj
PWV4YW1wbGUsZGM9Y29tCmRjOiAxCm9iamVjdENsYXNzOiBkb21haW4Kb2JqZWN0Q2xhc3M6IHRv
cAphc3NvY2lhdGVkTmFtZTogdWlkPTE0LG91PWdyb3VwLG91PWRla2EsZGM9ZXhhbXBsZSxkYz1j
b20Kc3RydWN0dXJhbE9iamVjdENsYXNzOiBkb21haW4KZW50cnlVVUlEOiA3ODgwZDBlNi1iMGMy
LTEwMzEtODk1Yi1hMWEzZjJmYmFjYjcKZW50cnlDU046IDIwMTIxMDIyMTgzMTQyLjU2NzI3OVoj
MDAwMDAwIzAwMCMwMDAwMDAKCmRuOiBkYz0yLG91PXVzZXIsb3U9ZGVrYSxkYz1leGFtcGxlLGRj
PWNvbQpkYzogMgpvYmplY3RDbGFzczogZG9tYWluCm9iamVjdENsYXNzOiB0b3AKYXNzb2NpYXRl
ZE5hbWU6IHVpZD0xNCxvdT1ncm91cCxvdT1kZWthLGRjPWV4YW1wbGUsZGM9Y29tCnN0cnVjdHVy
YWxPYmplY3RDbGFzczogZG9tYWluCmVudHJ5VVVJRDogODA0MTUyNTYtYjBjMi0xMDMxLTg5NWMt
YTFhM2YyZmJhY2I3CmVudHJ5Q1NOOiAyMDEyMTAyMjE4MzE1NS41NzMwNThaIzAwMDAwMCMwMDAj
MDAwMDAwCgo=

--_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_
Content-Type: application/octet-stream; name="slapd.conf"
Content-Description: slapd.conf
Content-Disposition: attachment; filename="slapd.conf"; size=818;
	creation-date="Mon, 22 Oct 2012 19:06:27 GMT";
	modification-date="Mon, 22 Oct 2012 19:05:29 GMT"
Content-Transfer-Encoding: base64

IyBTY2hlbWF0YSBhdXMgZGVyIE9wZW5MREFQLURpc3RyaWJ1dGlvbgppbmNsdWRlCSAgICAgICAg
ICAgICAgICAgc2xhcGQvZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLnNjaGVtYQppbmNsdWRlCSAg
ICAgICAgICAgICAgICAgc2xhcGQvZXRjL29wZW5sZGFwL3NjaGVtYS9jb3NpbmUuc2NoZW1hCgoj
IExvYWQgbW9kdWxlcwptb2R1bGVwYXRoICAgICAgICAgICAgICAgc2xhcGQvbGliZXhlYy9vcGVu
bGRhcAptb2R1bGVsb2FkICAgICAgICAgICAgICAgYmFja19oZGIubGEKbW9kdWxlbG9hZCAgICAg
ICAgICAgICAgIGNvbnN0cmFpbnQubGEKCiMgQmFzZSBrb25maWd1cmF0aW9uCnBpZGZpbGUgICAg
ICAgICAgICAgICAgICBzbGFwZC5waWQKYXJnc2ZpbGUgICAgICAgICAgICAgICAgIHNsYXBkLmFy
Z3MKCiMgRGF0YWJhc2UKZGF0YWJhc2UgICAgICAgICAgICAgICAgIGhkYgoKc3VmZml4ICAgICAg
ICAgICAgICAgICAgICJvdT1kZWthLGRjPWV4YW1wbGUsZGM9Y29tIgpkaXJlY3RvcnkgICAgICAg
ICAgICAgICAgZXhhbXBsZQpyb290ZG4gICAgICAgICAgICAgICAgICAgImNuPXJvb3Qsb3U9ZGVr
YSxkYz1leGFtcGxlLGRjPWNvbSIKcm9vdHB3ICAgICAgICAgICAgICAgICAgIHJvb3QKCm92ZXJs
YXkgY29uc3RyYWludApjb25zdHJhaW50X2F0dHJpYnV0ZSBhc3NvY2lhdGVkTmFtZSB1cmkKICBs
ZGFwOi8vL291PWdyb3VwLG91PWRla2EsZGM9ZXhhbXBsZSxkYz1jb20/ZW50cnlETj9vbmU/KG9i
amVjdENsYXNzPWFjY291bnQpCiAgcmVzdHJpY3Q9bGRhcDovLy9vdT11c2VyLG91PWRla2EsZGM9
ZXhhbXBsZSxkYz1jb20/P29uZQo=

--_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_
Content-Type: application/octet-stream; name="test.ldif"
Content-Description: test.ldif
Content-Disposition: attachment; filename="test.ldif"; size=96;
	creation-date="Mon, 22 Oct 2012 19:07:18 GMT";
	modification-date="Mon, 22 Oct 2012 19:07:00 GMT"
Content-Transfer-Encoding: base64

ZG46IGRjPTIsb3U9dXNlcixvdT1kZWthLGRjPWV4YW1wbGUsZGM9Y29tCmNoYW5nZXR5cGU6IG1v
ZGlmeQphZGQ6IGRlc2NyaXB0aW9uCmRlc2NyaXB0aW9uOiBhCi0K

--_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_--



Followup 3

Download message
Date: Mon, 22 Oct 2012 12:18:23 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: =?UTF-8?Q?Jan_V=C4=8Del=C3=A1k?= <jvcelak@redhat.com>
cc: openldap-its@openldap.org
Subject: Re: AW: (ITS#7418) slapo-constraint are broken
--On Monday, October 22, 2012 7:14 PM +0000 Sascha.Kuehndel@deka.de wrote:

> --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> Hello,
>
> i have reduced the configuration and the DIT to a minium.
> So i can now send the slapd.conf, the initial dit and the test-change.
>
> I hope you can reproduce the error, with it.

Hi Jan,

It appears your changes to slapo-constraint broke at least one 
configuration option.  Can you please review the information in this ITS 
and update your changes.  Thanks.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 4

Download message
Date: Tue, 23 Oct 2012 07:25:55 +0200
From: Jan Synacek <jsynacek@redhat.com>
To: quanah@zimbra.com
CC: openldap-its@openldap.org
Subject: Re: AW: (ITS#7418) slapo-constraint are broken
On 10/22/2012 09:19 PM, quanah@zimbra.com wrote:
> --On Monday, October 22, 2012 7:14 PM +0000 Sascha.Kuehndel@deka.de wrote:
> 
>> --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_
>> Content-Type: text/plain; charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>>
>> Hello,
>>
>> i have reduced the configuration and the DIT to a minium.
>> So i can now send the slapd.conf, the initial dit and the test-change.
>>
>> I hope you can reproduce the error, with it.
> 
> Hi Jan,
> 
> It appears your changes to slapo-constraint broke at least one 
> configuration option.  Can you please review the information in this ITS 
> and update your changes.  Thanks.
> 

Hi,

those changes were made by me (different Jan).
I will look into it and update the testcases.


-- 
Jan Synacek
Software Engineer, BaseOS team Brno, Red Hat



Followup 5

Download message
Date: Tue, 23 Oct 2012 09:46:46 -0700
From: Quanah Gibson-Mount <quanah@zimbra.com>
To: jsynacek@redhat.com, openldap-its@openldap.org
Subject: Re: AW: (ITS#7418) slapo-constraint are broken
--On Tuesday, October 23, 2012 5:26 AM +0000 jsynacek@redhat.com wrote:

> On 10/22/2012 09:19 PM, quanah@zimbra.com wrote:
>> --On Monday, October 22, 2012 7:14 PM +0000 Sascha.Kuehndel@deka.de
>> wrote:
>>
>>> --_004_F12A906A1F17554CB9CDFC8F4779F3C469A046FAB9EXCCREX9dekag_
>>> Content-Type: text/plain; charset="iso-8859-1"
>>> Content-Transfer-Encoding: quoted-printable
>>>
>>> Hello,
>>>
>>> i have reduced the configuration and the DIT to a minium.
>>> So i can now send the slapd.conf, the initial dit and the
test-change.
>>>
>>> I hope you can reproduce the error, with it.
>>
>> Hi Jan,
>>
>> It appears your changes to slapo-constraint broke at least one
>> configuration option.  Can you please review the information in this
ITS
>> and update your changes.  Thanks.
>>
>
> Hi,
>
> those changes were made by me (different Jan).
> I will look into it and update the testcases.

Thanks. Sorry for the mixup, I picked the first Jan that came up in my 
mailbox search.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration



Followup 6

Download message
Date: Thu, 25 Oct 2012 08:36:23 +0200
From: Jan Synacek <jsynacek@redhat.com>
To: Sascha.Kuehndel@deka.de
CC: openldap-its@OpenLDAP.org
Subject: Re: AW: (ITS#7418) slapo-constraint are broken
This is a multi-part message in MIME format.
--------------030809010302060201080601
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

On 10/22/2012 09:14 PM, Sascha.Kuehndel@deka.de wrote:
> Hello,
> 
> i have reduced the configuration and the DIT to a minium.
> So i can now send the slapd.conf, the initial dit and the test-change.
> 
> I hope you can reproduce the error, with it.
> 
> The uses software:
> OpenLDAP: 2.4.33
> BDB: 5.3.21
> OpenSSL: 1.0.1c
> 
> Thanks,
> Sascha Kuehndel
> 

Could you please try the attached patch?

Thank you,

-- 
Jan Synacek
Software Engineer, BaseOS team Brno, Red Hat

--------------030809010302060201080601
Content-Type: text/x-patch;
 name="constraint2.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="constraint2.patch"

diff --git a/servers/slapd/overlays/constraint.c
b/servers/slapd/overlays/constraint.c
index 2d943a2..e7b5689 100644
--- a/servers/slapd/overlays/constraint.c
+++ b/servers/slapd/overlays/constraint.c
@@ -845,9 +845,6 @@ constraint_check_count_violation( Modifications *m, Entry
*target_entry, constra
 	unsigned ca;
 	int j;
 
-	if ( cp->set )
-		return 0;
-
 	for ( j = 0; cp->ap[j]; j++ ) {
 		/* Get this attribute count */
 		if ( target_entry )
@@ -905,7 +902,6 @@ constraint_update( Operation *op, SlapReply *rs )
 	int rc;
 	char *msg = NULL;
 	int is_v;
-	int first = 1;
 
 	if (get_relax(op)) {
 		return SLAP_CB_CONTINUE;
@@ -933,15 +929,17 @@ constraint_update( Operation *op, SlapReply *rs )
 		return(rs->sr_err);
 	}
 
+	op->o_bd = on->on_info->oi_origdb;
+	rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0,
&target_entry );
+	op->o_bd = be;
+
 	/* Do we need to count attributes? */
 	for(cp = c; cp; cp = cp->ap_next) {
-		if (cp->count != 0 || cp->set || cp->restrict_lud != 0) {
-			if (first) {
-				op->o_bd = on->on_info->oi_origdb;
-				rc = be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0,
&target_entry );
-				op->o_bd = be;
-				first = 0;
-			}
+		if (cp->restrict_lud && constraint_check_restrict(op, cp,
target_entry) == 0) {
+			continue;
+		}
+
+		if (cp->count != 0) {
 			if (rc != 0 || target_entry == NULL) {
 				Debug(LDAP_DEBUG_TRACE, 
 					"==> constraint_update rc = %d DN=\"%s\"%s\n",
@@ -964,6 +962,7 @@ constraint_update( Operation *op, SlapReply *rs )
 		}
 	}
 
+
 	rc = LDAP_CONSTRAINT_VIOLATION;
 	for(;m; m = m->sml_next) {
 		unsigned ce = 0;

--------------030809010302060201080601--



Followup 7

Download message
From: <Sascha.Kuehndel@deka.de>
To: <jsynacek@redhat.com>
CC: <openldap-its@openldap.org>
Date: Thu, 25 Oct 2012 13:40:10 +0200
Subject: AW: AW: (ITS#7418) slapo-constraint are broken
Hi,

it looks better.
make test an my own tests was successful.

Thanks,
Sascha

---------------------------------------------------------------------------------------
#!RESULT OK
dn: dc=1,ou=user,ou=deka,dc=example,dc=com
changetype: modify
replace: description
description: ab
-

#!RESULT ERROR
#!ERROR [LDAP: error code 19 - modify breaks constraint on associatedName]
dn: dc=1,ou=user,ou=deka,dc=example,dc=com
changetype: modify
replace: associatedName
associatedName: uid=15,ou=group,ou=deka,dc=example,dc=com
-

#!RESULT OK
dn: uid=14,ou=group,ou=deka,dc=example,dc=com
changetype: delete

#!RESULT OK
dn: dc=1,ou=user,ou=deka,dc=example,dc=com
changetype: modify
replace: description
description: abc
-

#!RESULT ERROR
#!ERROR [LDAP: error code 19 - modify breaks constraint on associatedName]
dn: dc=1,ou=user,ou=deka,dc=example,dc=com
changetype: modify
replace: associatedName
associatedName: uid=14,ou=group,ou=deka,dc=example,dc=com
-



Followup 8

Download message
Date: Thu, 25 Oct 2012 14:50:35 +0200
From: Jan Synacek <jsynacek@redhat.com>
To: openldap-its@openldap.org
Subject: Re: AW: AW: (ITS#7418) slapo-constraint are broken
On 10/25/2012 01:41 PM, Sascha.Kuehndel@deka.de wrote:
> Hi,
> 
> it looks better.
> make test an my own tests was successful.

Great.

URL:
ftp://ftp.openldap.org/incoming/jsynacek-20121025-slapo-constraint-uri-restrict-fix.patch


The attached file is derived from OpenLDAP Software. All of the modifications
to
OpenLDAP Software represented in the following patch(es) were developed by Red
Hat. Red Hat has not assigned rights and/or interest in this work to any party.
I, Jan Synacek am authorized by Red Hat, my employer, to release this work
under the following terms.

Red Hat hereby place the following modifications to OpenLDAP Software (and only
these modifications) into the public domain. Hence, these modifications may be
freely used and/or redistributed for any purpose with or without attribution
and/or other notice.



-- 
Jan Synacek
Software Engineer, BaseOS team Brno, Red Hat



Followup 9

Download message
Date: Sun, 04 Nov 2012 18:15:07 +0100
From: =?ISO-8859-1?Q?Michael_Str=F6der?= <michael@stroeder.com>
To: Jan Synacek <jsynacek@redhat.com>
CC: sascha.kuehndel@deka.de, openldap-its@openldap.org
Subject: Re: (ITS#7418) slapo-constraint are broken
This is a cryptographically signed message in MIME format.

--------------ms020504060001080007040306
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

The recent fix for ITS#7418 might have caused another regression causing =
a seg
fault.

Please have a look at
http://www.openldap.org/its/index.cgi?findid=3D7431

Ciao, Michael.


--------------ms020504060001080007040306
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIILHzCC
BT8wggQnoAMCAQICDwCmSwABAAIAivjZQ8SBvzANBgkqhkiG9w0BAQUFADB8MQswCQYDVQQG
EwJERTEcMBoGA1UEChMTVEMgVHJ1c3RDZW50ZXIgR21iSDElMCMGA1UECxMcVEMgVHJ1c3RD
ZW50ZXIgQ2xhc3MgMSBMMSBDQTEoMCYGA1UEAxMfVEMgVHJ1c3RDZW50ZXIgQ2xhc3MgMSBM
MSBDQSBJWDAeFw0xMjA2MDYxOTAyMTZaFw0xMzA2MDcxOTAyMTZaMCgxCzAJBgNVBAYTAkRF
MRkwFwYDVQQDDBBNaWNoYWVsIFN0csO2ZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAxXZGav40rnGNLxEggBW94MILWHlfC8a23Jew5U1gPlfRTXOjjzmoaZ1uCyGdgF6M
VvuO9T1aTQNGH+OdeGe3P7Tfc/NsLJFJ2wtd8blvhmodUgse2eypiWjNOd4gZuhalBhgsQ0K
b5D6/1foghII4E264iZlJ7AJ+UYcO+GxvFWT0YMTbLckgDkZk7c3qwTozdhYvXarvqx+8Ou/
kuxpQQhac/ebzxpu0N+RHSf2KIUS0g0tEGnPtGv6iL+9QNHc4JKo9Y9KKVw3tQy+Re+FQLxB
1fPE5F+qxuD3AUENpOwkMsqWLM94ohtx3CFqLpxfUPrnKFLAHOhHEbByYGvFPwIDAQABo4IC
EDCCAgwwgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3LnRydXN0
Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNlcnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQw
QAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1
c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/
BAIwADBKBgNVHSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3
LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQWBBS2
KAWfTfgJ/JQ63qLGwTXYLnI+LzBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8vY3JsLml4LnRj
Y2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3JsL3YyL3RjX0NsYXNzMV9M
MV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBwYK
KwYBBAGCNxQCAjAfBgNVHREEGDAWgRRtaWNoYWVsQHN0cm9lZGVyLmNvbTANBgkqhkiG9w0B
AQUFAAOCAQEAQ3bvVUpEq+cQrLpcogyt5BJNk/WvUvOHqhzyj28M9pg9hcDl1+MYl5qqj6tR
GSTLPQZyf287pcmbMwbcTGZO/gbW9v7RYcut6RauWdwKMCUmKC3J4fVfDq9ZETA2WOV68ef4
B3Gzdhghsbp3Rhp5dDmrCVKAHlafm6ZwJrEQ9P76fxnQZzRLgeKpZep5ePH5YHUB3+YaOQvJ
FG0bOXvfHhRiRG7/HW2G+yDgjHSxDz8AFzMWL/RFePqZ4pn6T/SM/qU6WEpW39MWyJNoH/Kx
QDYK8gGYuesn1ciMCTnjrvZQj0fonGTO4SfWekJRkuGrJ7dYSZRjYbDcWBBkdFLWzzCCBdgw
ggTAoAMCAQICDgboAAEAAkqWLSQM/sXJMA0GCSqGSIb3DQEBBQUAMHkxCzAJBgNVBAYTAkRF
MRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSQwIgYDVQQLExtUQyBUcnVzdENlbnRl
ciBVbml2ZXJzYWwgQ0ExJjAkBgNVBAMTHVRDIFRydXN0Q2VudGVyIFVuaXZlcnNhbCBDQSBJ
MB4XDTA5MTEwMzE0MDgxOVoXDTI1MTIzMTIxNTk1OVowfDELMAkGA1UEBhMCREUxHDAaBgNV
BAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNVBAsTHFRDIFRydXN0Q2VudGVyIENsYXNz
IDEgTDEgQ0ExKDAmBgNVBAMTH1RDIFRydXN0Q2VudGVyIENsYXNzIDEgTDEgQ0EgSVgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC75pBuz2Lp6QuqthDVR+V8XSsncZpozVVt
5KLv5P7yemMRwleKyH3PjmYfZUVL64Biab1GjovFblqVGCrep/EfdRonq20yU+P7TVhiLP8Z
5cegDZotIYhZhM0d8cPIij6w5d4IJM/8QCy6QSOUu4ASiTVItoYE4AFPjLqpmPwcie0fiqHH
hpgmHnJla/7PZdkMZEsaCfVDEWBmJuMzVprJPT40anjG5VBLyM2I5DlsUCaeQCy2O3w3sqf1
3dyzUcv03IICuNc63towXA31Qt0TaVNU6YAmQjMepdfMbspmCZ+G8D2+xophEPPR/1vkstst
smUMqX0XrLonTUJczglPAgMBAAGjggJZMIICVTCBmgYIKwYBBQUHAQEEgY0wgYowUgYIKwYB
BQUHMAKGRmh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2VydHMv
dGNfdW5pdmVyc2FsX3Jvb3RfSS5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9vY3NwLnRjdW5p
dmVyc2FsLUkudHJ1c3RjZW50ZXIuZGUwHwYDVR0jBBgwFoAUkqR1LKSevoFE63n8isWVpesQ
dXMwEgYDVR0TAQH/BAgwBgEB/wIBADBSBgNVHSAESzBJMAYGBFUdIAAwPwYJKoIUACwBAQEB
MDIwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAO
BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOm4KB1Gz/zN+E6bxe5LYOvYOz/RMIH9BgNVHR8E
gfUwgfIwge+ggeyggemGRmh0dHA6Ly9jcmwudGN1bml2ZXJzYWwtSS50cnVzdGNlbnRlci5k
ZS9jcmwvdjIvdGNfdW5pdmVyc2FsX3Jvb3RfSS5jcmyGgZ5sZGFwOi8vd3d3LnRydXN0Y2Vu
dGVyLmRlL0NOPVRDJTIwVHJ1c3RDZW50ZXIlMjBVbml2ZXJzYWwlMjBDQSUyMEksTz1UQyUy
MFRydXN0Q2VudGVyJTIwR21iSCxPVT1yb290Y2VydHMsREM9dHJ1c3RjZW50ZXIsREM9ZGU/
Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlPzANBgkqhkiG9w0BAQUFAAOCAQEAOcjE
m+6+mO5Icm+N53G2DpCM07LBFSGoRpBoX0oE8TrJaIQh2KXmBHVdn9LU8kt3QzLclctgvwJV
0KwcsMUUl5tlCsMPpR3s2Ek5lbWpvvr0HqtW56blAQiINV9nBd1EJFASIkRjefGbV2nOq9Yz
UU+N8HA7jq1ROhd/NZZraGhjthwKyfjfHV7PKxGlY+3M0MbTIG+q/GhIfm0euDpFqhKG88e9
ALXr/uoSn3MzeOcoOWjTpW3adtFO4VWVgKbgG7jNrFbvRVlHmFLbOm4msjE5aXWxLiTwpJ2X
iF4zKca1vAdAOgw9us90jEtOeiH6GzjNxEMvb7TfeO6Zkuc6HDGCA84wggPKAgEBMIGPMHwx
CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYDVQQLExxU
QyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBUcnVzdENlbnRlciBD
bGFzcyAxIEwxIENBIElYAg8ApksAAQACAIr42UPEgb8wCQYFKw4DAhoFAKCCAhMwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMTA0MTcxNTA3WjAjBgkq
hkiG9w0BCQQxFgQU2S6ujsV//DKe24vs3qNZa3mUkuEwbAYJKoZIhvcNAQkPMV8wXTALBglg
hkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggq
hkiG9w

Message of length 5910 truncated

Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org